<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<title>Samba - Security Announcement Archive</title>
<H2>CVE-2007-4572 - GETDC mailslot processing buffer overrun in nmbd</H2>
==========================================================
== Subject:     Stack buffer overflow in nmbd's logon
==              request processing.
== CVE ID#:     CVE-2007-4572
== Versions:    Samba 3.0.0 - 3.0.26a (inclusive)
== Summary:     Processing of specially crafted GETDC
==              mailslot requests can result in a buffer
==              overrun in nmbd. It is not believed
==              that this issue can be exploited to
==              result in remote code execution.
==========================================================
Samba developers have discovered what is believed to be
a non-exploitable buffer overrun in nmbd during the processing
of GETDC logon server requests. This code is only used
when the Samba server is configured as a Primary or Backup
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 3.0.27 has been issued as a security
release to correct the defect.
Samba administrators may avoid this security issue by disabling
both the "domain logons" and the "domain master" options in
the server's smb.conf file. Note that this will disable all
domain controller features as well.
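One way to check a host against this advisory, as an added example that is not part of the original advisory or of Samba's code: it compares a version string with the affected range above and tests whether the workaround is present in smb.conf. The function names, the requirement that both options be set explicitly, and the name normalisation (case and spaces ignored) are assumptions of this sketch.

```python
import re

# Affected range stated in the advisory: Samba 3.0.0 - 3.0.26a (inclusive).
FIRST_AFFECTED = (3, 0, 0, "")
LAST_AFFECTED = (3, 0, 26, "a")
FALSE_VALUES = {"no", "false", "0", "off"}  # assumed boolean spellings for "disabled"


def parse_version(text):
    """Turn '3.0.26a' into a comparable tuple (3, 0, 26, 'a')."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)([a-z]?)", text.strip())
    if not m:
        raise ValueError("unrecognised Samba version: %r" % text)
    return int(m[1]), int(m[2]), int(m[3]), m[4]


def is_affected(version):
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED


def global_options(conf_text):
    """Return the [global] parameters, keys lower-cased with spaces removed."""
    section, opts = None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            opts["".join(key.lower().split())] = value.strip().lower()
    return opts


def workaround_applied(conf_text):
    """True only if both options are explicitly set to a false value."""
    opts = global_options(conf_text)
    return all(opts.get(k) in FALSE_VALUES for k in ("domainlogons", "domainmaster"))


def needs_action(version, conf_text):
    return is_affected(version) and not workaround_applied(conf_text)


if __name__ == "__main__":
    sample = "[global]\n domain logons = yes\n domain master = auto\n"  # constructed
    print(needs_action("3.0.25b", sample))
```

A host that reports `True` should be upgraded to 3.0.27, patched, or have the workaround applied.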
This vulnerability was discovered by Samba developers during
an internal code audit.
The time line is as follows:
* Sep 13, 2007: Initial report to security@samba.org including
* Sep 14, 2007: Patch review by Josh Bressers
  (RedHat Security Team) and Simo Sorce (Samba/RedHat developer)
* Nov 15, 2007: Public security advisory made available.
==========================================================
== Our Code, Our Bugs, Our Responsibility.
==========================================================